![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 3%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,459 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 10%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
@LH Thank you for reaching out to Microsoft Q&A. To answer your first question, the recommendation is to set up separate production and non-production environments and then set up a CI/CD pipeline as mentioned in docs: https://learn.microsoft.com/en-us/azure/api-management/devops-api-development-templates.
The below pros/cons are not specific to APIM but in general and can be applied to other resources as well.
Pros:
Creates a boundary between prod and non-prod environments which makes resource management safe.
- Apply different policies at the subscription level for policy compliance or enforce policies.
- Resource tagging and naming conventions, access management
- Apply different network security rules like NSG, route table, security zones etc.
- Also, multiple development teams might work in a development environment, with elevated permissions at a subscription or resource level and isolation helps them to elevate such risks or any security concerns.
Cons:
There might be an additional overhead in managing multiple subscriptions, policies, network rules etc. depends on enterprise/organization structure.
Looking at the architecture diagram attached, this provides a great isolation between PROD and NON-PROD APIM instances with different subscriptions and VNET(s). The pros and cons should apply very well for this. Do you have any specific questions other than the ones I listed? I am happy to help if you have any and feel free to add.